Skip to content
Snippets Groups Projects
Normal view History Permalink
troubleshooting.md 2.13 KiB
Newer Older
Varac's avatar
Add troubleshooting doc
Varac committed
1 2 
# Troubleshooting
Varac's avatar
Requested changes from review  
Varac committed
3 
Note: `cluster$` indicates that the commands should be run as root on your OAS cluster.
Varac's avatar
Add troubleshooting doc
Varac committed
4
Varac's avatar
Start upgrading section in troubleshooting.md  
Varac committed
5 6 
## Upgrading
Maarten de Waard's avatar
Apply suggestion to docs/troubleshooting.md  
Maarten de Waard committed
7 
If you encounter problems when you upgrade your cluster, please make sure first
Varac's avatar
Start upgrading section in troubleshooting.md  
Varac committed
8 
to include all potential new values of `ansible/group_vars/all/settings.yml.example`
Varac's avatar
Move settings.yml to group_vars/all so pytest can use it  
Varac committed
9 
to your `clusters/YOUR_CLUSTERNAME/group_vars/all/settings.yml`, and rerun the installation
Varac's avatar
Start upgrading section in troubleshooting.md  
Varac committed
10 11 12 
script.
Varac's avatar
Add troubleshooting doc
Varac committed
13 14 15 16 17 18 19 20 
## HTTPS Certificates

OAS uses [cert-manager](http://docs.cert-manager.io/en/latest/) to automatically
fetch [Let's Encrypt](https://letsencrypt.org/) certificates for all deployed
services. If you experience invalid SSL certificates (i.e. your browser warns you
when visiting Nextcloud (`https://files.YOUR.CLUSTER.DOMAIN`) here's how to
debug this:
Maarten de Waard's avatar
use acme live env. by default. Also change default VPS hostname to cluster...  
Maarten de Waard committed
21 
Did you create your cluster using the `--acme-staging` argument?
Varac's avatar
Requested changes from review  
Varac committed
22 
Please check the resulting value of the `acme_staging` key in
Varac's avatar
Move settings.yml to group_vars/all so pytest can use it  
Varac committed
23 
`clusters/YOUR_CLUSTERNAME/group_vars/all/settings.yml`. If this is set to `true`, certificates
Varac's avatar
Requested changes from review  
Varac committed
24 25 26 
are fetched from the [Let's Encrypt staging API](https://letsencrypt.org/docs/staging-environment/),
which can't be validated by default in your browser.
Varac's avatar
Improve cert-manager troubleshooting  
Varac committed
27 
Are all cert-manager pods in the `oas` namespace in the `READY` state ?
Varac's avatar
Add troubleshooting doc
Varac committed
28
Varac's avatar
Improve cert-manager troubleshooting  
Varac committed
29 30 31 32 33 
    cluster$ kubectl -n oas get pods | grep cert-manager

Are there any `cm-acme-http-solver-*` pods still running, indicating that there
are unfinished certificate requests ?
Varac's avatar
Apply suggestion to docs/troubleshooting.md  
Varac committed
34 
    cluster$ kubectl get pods --all-namespaces | grep cm-acme-http-solver
Varac's avatar
Add troubleshooting doc
Varac committed
35 36 37 

Show the logs of the main `cert-manager` pod:
Varac's avatar
Improve cert-manager troubleshooting  
Varac committed
38 
    cluster$ kubectl -n oas logs -l "app.kubernetes.io/name=cert-manager"
Varac's avatar
Add troubleshooting doc
Varac committed
39 40 41 42 43 44 45 46 47 48 49 

You can `grep` for your cluster domain or for any specific subdomain to narrow
down results.


## Purge OAS and install from scratch

If ever things fail beyond possible recovery, here's how to completely purge an OAS installation in order to start from scratch:

    cluster$ apt purge docker-ce-cli containerd.io
    cluster$ mount | egrep '^(tmpfs.*kubelet|nsfs.*docker)' | cut -d' ' -f 3 | xargs umount
Varac's avatar
Start upgrading section in troubleshooting.md  
Varac committed
50 
    cluster$ systemctl reboot
Varac's avatar
Add troubleshooting doc
Varac committed
51 
    cluster$ rm -rf /var/lib/docker /var/lib/OpenAppStack /etc/kubernetes /var/lib/etcd /var/lib/rancher /var/lib/kubelet /var/log/OpenAppStack /var/log/containers /var/log/pods